Total
7102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-45811 | | | 2024-09-20 | N/A | N/A |
Vite is a frontend build tooling framework for JavaScript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of the Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-8969 | | | 2024-09-20 | N/A | 6.5 MEDIUM |
OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators. | |||||
CVE-2021-45475 | 1 Yordam | 1 Library Automation System | 2024-09-17 | N/A | 5.3 MEDIUM |
Yordam Library Information Document Automation product before version 19.02 has an unauthenticated Information disclosure vulnerability. | |||||
CVE-2019-5640 | 1 Rapid7 | 1 Nexpose | 2024-09-17 | 5.0 MEDIUM | 5.3 MEDIUM |
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. | |||||
CVE-2021-20331 | 1 Mongodb | 1 C# Driver | 2024-09-16 | 3.5 LOW | 4.9 MEDIUM |
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authentication-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1. | |||||
CVE-2024-28834 | | | 2024-09-12 | N/A | N/A |
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. | |||||
CVE-2024-21902 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-11 | N/A | 8.1 HIGH |
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later; QuTS hero h5.1.7.2770 build 20240520 and later. | |||||
CVE-2018-1546 | 1 Ibm | 1 Api Connect | 2024-09-09 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142650. | |||||
CVE-2024-41698 | 1 Priority-software | 1 Priority | 2024-09-03 | N/A | 7.5 HIGH |
Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
CVE-2024-41700 | 1 Barix | 1 Sip Client Firmware | 2024-09-03 | N/A | 7.5 HIGH |
Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | |||||
CVE-2024-42337 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 6.5 MEDIUM |
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
CVE-2024-42338 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
CVE-2024-43319 | | | 2024-08-26 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video. This issue affects Flash & HTML5 Video: from n/a through 2.5.31. | |||||
CVE-2024-37924 | | | 2024-08-13 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP2Speed Faster: from n/a through 1.0.1. | |||||
CVE-2024-38760 | | | 2024-08-13 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Send Users Email: from n/a through 1.5.1. | |||||
CVE-2024-38742 | | | 2024-08-13 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MBE eShip: from n/a through 2.1.2. | |||||
CVE-2024-38747 | | | 2024-08-13 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3. | |||||
CVE-2024-38787 | | | 2024-08-13 | N/A | N/A |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Import and export users and customers: from n/a through 1.26.8. | |||||
CVE-2005-1754 | 2 Apache Tomcat, Sun | 2 Apache Tomcat, Javamail | 2024-08-07 | 5.0 MEDIUM | N/A |
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products. | |||||
CVE-2006-0369 | 1 Oracle | 1 Mysql | 2024-08-07 | 2.1 LOW | N/A |
MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access |